syzbot

 sign-in | mailing list | source | docs | 🏰
🐞 Open [1351]
Subsystems
🐞 Fixed [7077]
🐞 Invalid [18631]
Missing Backports [221]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
✨ AI
💬 Send us feedback

KCSAN: data-race in pfifo_fast_dequeue / pfifo_fast_enqueue (5)

Status: auto-obsoleted due to no activity on 2025/10/12 11:19
Subsystems: net
[Documentation on labels]
First crash: 257d, last: 257d
Similar bugs (5)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in pfifo_fast_dequeue / pfifo_fast_enqueue (6) net 6 4 30d 50d 0/29 upstream: reported on 2026/03/12 15:26
upstream KCSAN: data-race in pfifo_fast_dequeue / pfifo_fast_enqueue (4) net 6 1 776d 776d 0/29 auto-obsoleted due to no activity on 2024/04/20 09:12
upstream KCSAN: data-race in pfifo_fast_dequeue / pfifo_fast_enqueue (3) net 6 2 994d 977d 0/29 auto-obsoleted due to no activity on 2023/09/15 15:27
upstream KCSAN: data-race in pfifo_fast_dequeue / pfifo_fast_enqueue (2) net 6 1 1586d 1586d 0/29 auto-closed as invalid on 2022/01/31 12:56
upstream KCSAN: data-race in pfifo_fast_dequeue / pfifo_fast_enqueue net 6 1 1899d 1899d 0/29 auto-closed as invalid on 2021/03/24 02:52

Sample crash report:
==================================================================
BUG: KCSAN: data-race in pfifo_fast_dequeue / pfifo_fast_enqueue

write to 0xffff888117fb4ab0 of 8 bytes by task 5906 on cpu 1:
 __ptr_ring_discard_one include/linux/ptr_ring.h:280 [inline]
 __ptr_ring_consume include/linux/ptr_ring.h:301 [inline]
 __skb_array_consume include/linux/skb_array.h:98 [inline]
 pfifo_fast_dequeue+0xab2/0xe70 net/sched/sch_generic.c:769
 dequeue_skb net/sched/sch_generic.c:294 [inline]
 qdisc_restart net/sched/sch_generic.c:399 [inline]
 __qdisc_run+0x189/0xc60 net/sched/sch_generic.c:417
 __dev_xmit_skb net/core/dev.c:4104 [inline]
 __dev_queue_xmit+0xed4/0x2000 net/core/dev.c:4679
 dev_queue_xmit include/linux/netdevice.h:3361 [inline]
 neigh_hh_output include/net/neighbour.h:531 [inline]
 neigh_output include/net/neighbour.h:545 [inline]
 ip_finish_output2+0x77f/0x8b0 net/ipv4/ip_output.c:235
 __ip_finish_output net/ipv4/ip_output.c:-1 [inline]
 ip_finish_output+0x114/0x2a0 net/ipv4/ip_output.c:323
 NF_HOOK_COND include/linux/netfilter.h:307 [inline]
 ip_output+0xbd/0x190 net/ipv4/ip_output.c:436
 dst_output include/net/dst.h:461 [inline]
 ip_local_out net/ipv4/ip_output.c:129 [inline]
 ip_send_skb+0x12c/0x160 net/ipv4/ip_output.c:1506
 udp_send_skb+0x6e3/0xa40 net/ipv4/udp.c:1195
 udp_sendmsg+0x1050/0x13c0 net/ipv4/udp.c:1484
 inet_sendmsg+0xac/0xd0 net/ipv4/af_inet.c:851
 sock_sendmsg_nosec net/socket.c:714 [inline]
 __sock_sendmsg+0x102/0x180 net/socket.c:729
 ____sys_sendmsg+0x345/0x4e0 net/socket.c:2614
 ___sys_sendmsg+0x17b/0x1d0 net/socket.c:2668
 __sys_sendmmsg+0x178/0x300 net/socket.c:2757
 __do_sys_sendmmsg net/socket.c:2784 [inline]
 __se_sys_sendmmsg net/socket.c:2781 [inline]
 __x64_sys_sendmmsg+0x57/0x70 net/socket.c:2781
 x64_sys_call+0x1c4a/0x2ff0 arch/x86/include/generated/asm/syscalls_64.h:308
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffff888117fb4ab0 of 8 bytes by task 5908 on cpu 0:
 __ptr_ring_produce include/linux/ptr_ring.h:106 [inline]
 ptr_ring_produce include/linux/ptr_ring.h:129 [inline]
 skb_array_produce include/linux/skb_array.h:44 [inline]
 pfifo_fast_enqueue+0xd5/0x2c0 net/sched/sch_generic.c:740
 dev_qdisc_enqueue net/core/dev.c:4068 [inline]
 __dev_xmit_skb net/core/dev.c:4110 [inline]
 __dev_queue_xmit+0x8dc/0x2000 net/core/dev.c:4679
 dev_queue_xmit include/linux/netdevice.h:3361 [inline]
 neigh_hh_output include/net/neighbour.h:531 [inline]
 neigh_output include/net/neighbour.h:545 [inline]
 ip_finish_output2+0x77f/0x8b0 net/ipv4/ip_output.c:235
 __ip_finish_output net/ipv4/ip_output.c:-1 [inline]
 ip_finish_output+0x114/0x2a0 net/ipv4/ip_output.c:323
 NF_HOOK_COND include/linux/netfilter.h:307 [inline]
 ip_output+0xbd/0x190 net/ipv4/ip_output.c:436
 dst_output include/net/dst.h:461 [inline]
 ip_local_out net/ipv4/ip_output.c:129 [inline]
 ip_send_skb+0x12c/0x160 net/ipv4/ip_output.c:1506
 udp_send_skb+0x6e3/0xa40 net/ipv4/udp.c:1195
 udp_sendmsg+0x1050/0x13c0 net/ipv4/udp.c:1484
 inet_sendmsg+0xac/0xd0 net/ipv4/af_inet.c:851
 sock_sendmsg_nosec net/socket.c:714 [inline]
 __sock_sendmsg+0x102/0x180 net/socket.c:729
 ____sys_sendmsg+0x345/0x4e0 net/socket.c:2614
 ___sys_sendmsg+0x17b/0x1d0 net/socket.c:2668
 __sys_sendmmsg+0x178/0x300 net/socket.c:2757
 __do_sys_sendmmsg net/socket.c:2784 [inline]
 __se_sys_sendmmsg net/socket.c:2781 [inline]
 __x64_sys_sendmmsg+0x57/0x70 net/socket.c:2781
 x64_sys_call+0x1c4a/0x2ff0 arch/x86/include/generated/asm/syscalls_64.h:308
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0xffff88811ef4b600 -> 0x0000000000000000

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 5908 Comm: syz.2.10188 Not tainted 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
==================================================================

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/08/17 11:13 upstream 99bade344cfa 1804e95e .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in pfifo_fast_dequeue / pfifo_fast_enqueue
* Struck through repros no longer work on HEAD.